Securing the New Economy
Project Glasswing and the hidden fight to keep the Agentic Web safe.
I spent this week staring at two documents that feel like they came from a sci-fi movie.
But they didn’t.
They were published by the two biggest names in AI right now.
The first is an announcement from Anthropic about Project Glasswing.
The second is a 42-page research paper from Google DeepMind called “AI Agent Traps.”
After reading them both, I realized we are currently in a race to build the most powerful AI defenders the world has ever seen.
And at the exact same time, we are realizing the web is becoming a minefield for them.
Let me show you what I mean.
The Model That Is “Too Good” at Finding Bugs
Anthropic just announced Project Glasswing.
It is a massive alliance including AWS, Apple, Google, Microsoft, NVIDIA, and more.
They formed it because they built a model called Claude Mythos Preview.
And Mythos is terrifyingly good at coding.
It has already found thousands of high-severity vulnerabilities, including bugs in every major operating system and web browser.
Think about that.
Mythos found a 27-year-old vulnerability in OpenBSD, which is famous for being one of the most secure systems in the world.
It found a bug in FFmpeg that automated testing tools had hit five million times without ever noticing.
Anthropic is so “worried” about this capability that they aren’t releasing Mythos to the public.
They are only giving it to Glasswing partners to help them find and fix bugs before the bad actors build their own versions of Mythos.
We are using AI to build a “Digital Shield” for the world’s code.
But there is a catch.
The Environment Is the Weapon
While Anthropic is trying to fix the code, Google DeepMind is warning us about the content.
The DeepMind paper identifies a new threat: AI Agent Traps.
These are pieces of content hidden on websites designed to manipulate, deceive, or exploit visiting agents.
DeepMind broke these down into six types of attacks:
Content Injection: Hiding commands in HTML or CSS that humans can’t see, but agents “read.”
Semantic Manipulation: Using biased language to “trick” an agent’s reasoning.
Cognitive State Traps: Poisoning an agent’s long-term memory or knowledge base.
Behavioural Control: Hijacking an agent to make it take unauthorized actions, like stealing your data.
Systemic Traps: Triggering “flash crashes” or congestion by tricking many agents at once.
Human-in-the-Loop Traps: Using an agent to exploit the cognitive biases of the human overseeing it.
Think of it like this.
If an autonomous car is a physical agent, an agent trap is like a vandal changing a “Stop” sign to look like a “Go” sign.
The car isn’t broken.
Its perception of the world was manipulated.
What I’m Connecting
Here is the pattern I am seeing,
Project Glasswing is about securing the infrastructure of the web.
AI Agent Traps is about securing the integrity of the web.
We are entering a world where your agent might be running on a perfectly secure operating system, thanks to Glasswing, but it can still be hacked just by reading a website.
If an agent reads a poisoned document, it doesn’t matter how secure the code is.
The agent now believes a lie.
And because agents are becoming our delegates, buying things for us, managing our calendars, or writing our code, that lie can have real-world consequences.
DeepMind even mentions an Accountability Gap.
If your agent is tricked into committing a financial crime, who is responsible?
You? The AI provider? The person who set the trap?
Right now, nobody knows the answer.
The “Human + Agent” Audit
If you are a business owner or a creator, this shift changes your job.
In the old web, you just had to make sure you didn’t have malware on your site.
In the agentic web, you have to prove you are trustworthy.
If your site uses “dark patterns” to trick humans, it might accidentally look like an “Agent Trap” to a visiting AI.
And if an agent flags your site as manipulative, you become invisible.
Here is a 2-step audit for your site this week:
Check your Invisible Layer. Do you have old SEO tricks, like hidden text, or complex CSS that might confuse an agent’s parser? DeepMind shows that agents can be partially commandeered in 86% of simple injection scenarios.
Verify your Data Integrity. If an agent retrieves information about your business from a third-party site, is that information accurate? RAG Knowledge Poisoning is real. If the web believes something wrong about you, your agent will too.
As Anthropic and Google fight to secure the code and the content, our job is to stay Human and Agent Ready.
-Farhad